Solutions to Ease the DDOS Trickle-Down Effect?

Cliff posted more than 9 years ago | from the snowballing-traffic dept.

The Internet 15

dealsites asks: "Recently, The Electoral Vote website run by Andrew Tanenbaum was hit with a triple-threat. Not only was it Slashdotted, it was hit with a DDOS attack in conjunction with the busiest normal traffic day, due to the election. Netcraft has an article detailing the steps taken to mitigate the traffic. Andrew's host provider is also the provider of my site. I'm sure we are on separate servers, him a dedicated server and semi-dedicated hardware for myself, but I noticed dramatic slowdowns of my site during this triple-threat traffic onslaught to Andrew's site. Are there any techniques other than throwing more CPUs and bandwidth at the problem to remedy this type of situation? I'm sure I can't be the only one that has noticed this. Any comments on other similar stories?"

one suggestion (1)

everyplace (527571) | more than 9 years ago | (#10706788)

My favorite solution to this problem: Don't get your site posted on slashdot!

Which, of course, I realize is a ridiculous statement, since it's usually both desirable, and out of your control. But still, it's funny.

Nice. (3, Funny)

Dibblah (645750) | more than 9 years ago | (#10706793)

"Not only was it Slashdotted"... Twice. You evil, evil submitter.

Not to advertise (4, Informative)

ebrandsberg (75344) | more than 9 years ago | (#10706813)

But the company I work for provides products that help in situations like this, although pre-planning for such events is critical for surges like this to be handled cleanly. For anybody interested, check out [] for information. Some key things to look for:

1) That your upstream provider has sufficient capacity to handle large surges in traffic to one part of their infrastructure
2) If you expect to receive a large surge, to overprovision your upstream links
3) Make sure to have a front-end device that can determine "legitimate" traffic from bad traffic such as syn floods, and deal with the capacity of the upstream links.
4) Make sure you have the ability to cache hot content in case you max out your servers if you need to. You don't need to regenerate a page of voting information with every request if it only changes every few minutes, cache it to reduce the server load.

In many cases, people fail to ensure they have enough bandwidth on their upstream connections, and then put firewalls on the other side of the connection. Firewalls will tend to die under a heavy syn flood, and if they don't, if you don't have enough capacity, it won't help anyway.
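Added example (not part of the comment above, and not any vendor's code): one way to do the caching described in point 4, where a page that changes every few minutes is rebuilt at most once per interval and callers arriving during a rebuild get the stale copy instead of stacking up on the backend. The names `MicroCache` and `simulate`, the 120-second TTL and the load figures are assumptions made for this illustration.

```python
import threading
import time


class MicroCache:
    """Keep one rendered page in memory and rebuild it at most once per TTL."""

    def __init__(self, render, ttl_seconds, clock=time.monotonic):
        self._render = render            # expensive page generator (hypothetical)
        self._ttl = ttl_seconds
        self._clock = clock
        self._lock = threading.Lock()    # held only while rebuilding
        self._body = None
        self._expires = 0.0

    def get(self):
        if self._body is not None and self._clock() < self._expires:
            return self._body            # fresh copy: no lock, no render
        # Expired. One caller rebuilds; the rest keep serving the stale copy
        # instead of piling onto the backend. Only the very first request
        # (nothing cached yet) has to wait for the lock.
        if self._lock.acquire(blocking=self._body is None):
            try:
                if self._body is None or self._clock() >= self._expires:
                    self._body = self._render()
                    self._expires = self._clock() + self._ttl
            finally:
                self._lock.release()
        return self._body


def simulate(requests=10000, rate=10, ttl=120):
    """Constructed load: `rate` requests per second against a fake clock."""
    now = [0.0]
    renders = []

    def render():
        renders.append(now[0])
        return "tally as of t=%ds" % now[0]

    cache = MicroCache(render, ttl, clock=lambda: now[0])
    for i in range(requests):
        now[0] = i / rate
        cache.get()
    return len(renders)
```

With the constructed load, `simulate()` issues 10,000 requests and the page generator runs 9 times.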

Re:Not to advertise (1)

Curien (267780) | more than 9 years ago | (#10708027)

Heh, I used to work for a web server admin shop, and about six months ago, we were considering going with a NetScaler product. We ended up going with something from F5 instead for entirely non-technical reasons.

I have since moved on to smaller and less-important things (but in Germany, and with higher pay), so I'm not sure how well it worked out.

Site is under attack currently... (2, Informative)

stienman (51024) | more than 9 years ago | (#10706817)

From the main page of

All the servers appear to be under attack now, also DNS. I added another large multiprocessor but it doesn't seem to help much. I don't think this is going to work. Sorry.

The remainder have older messages on them - not sure how or if they are being automatically synced.

Bummer, but kind of expected. Seems that he's using only one provider...


coral (4, Insightful)

comwiz56 (447651) | more than 9 years ago | (#10706833)

auto redirect all hits to a coral cache

and maybe slashdot could post coralized links in the articles

Re:coral (1)

Kris_J (10111) | more than 9 years ago | (#10707083)

If the site itself redirects to coral, won't that screw up the copy?

Re:coral (1)

comwiz56 (447651) | more than 9 years ago | (#10707377)

JavaScript and possibly HTTP headers could take care of that.

File size (5, Informative)

jm92956n (758515) | more than 9 years ago | (#10706851)

If you know you're about to get hit, minimize the graphics and streamline the code; this guy's got a page that's just over 30 kb (including graphics). Provided the page isn't generated dynamically, it shouldn't be too tough for a decent server to handle.

Throw in some flash and a bunch of fancy images and you've got a recipe for disaster.

Re:File size (3, Insightful)

Kris_J (10111) | more than 9 years ago | (#10707172)

That PNG map is two thirds larger than it needs to be. Less than a minute with pngout [] reduces it from 14,632 to 8,839. Also, it doesn't look like the page is being served gzipped. This can be done by creating a .gz copy and having the web server software hand out whatever the browser can handle, little or no cost to the CPU. All up, the site is probably serving 50% more traffic than it need serve.
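Added example (not part of the comment above): the pre-compressed `.gz` approach it describes, with the copy written once at deploy time and each request only choosing a file based on the browser's `Accept-Encoding` header. The function names and the repeated table row used as a sample page are constructed for this illustration.

```python
import gzip
import os
import tempfile


def precompress(path):
    """Write path + '.gz' once at deploy time, so requests cost no CPU."""
    with open(path, "rb") as src, gzip.open(path + ".gz", "wb") as dst:
        dst.write(src.read())
    return path + ".gz"


def accepts_gzip(accept_encoding):
    """True if the Accept-Encoding header permits gzip; q=0 means refused."""
    prefs = {}
    for item in accept_encoding.split(","):
        coding, _, param = item.partition(";")
        name, _, value = param.partition("=")
        q = 1.0
        if name.strip().lower() == "q":
            try:
                q = float(value)
            except ValueError:
                q = 0.0                  # malformed weight: treat as refused
        prefs[coding.strip().lower()] = q
    return prefs.get("gzip", prefs.get("*", 0.0)) > 0


def choose_variant(path, accept_encoding):
    """Pick the file to send and the response headers for one request."""
    headers = {"Vary": "Accept-Encoding"}    # caches must not mix variants
    if accepts_gzip(accept_encoding or "") and os.path.exists(path + ".gz"):
        headers["Content-Encoding"] = "gzip"
        return path + ".gz", headers
    return path, headers


def demo():
    """Constructed 30,400-byte page: return (plain size, gzipped size)."""
    with tempfile.TemporaryDirectory() as d:
        page = os.path.join(d, "index.html")
        with open(page, "wb") as f:
            f.write(b"<tr><td>State</td><td>Votes</td></tr>\n" * 800)
        return os.path.getsize(page), os.path.getsize(precompress(page))
```

The sample page is far more repetitive than a real one, so its ratio overstates what real HTML will achieve; the `Vary` header is what keeps an intermediate cache from handing the gzipped copy to a client that did not ask for it.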

Deliberate troll... (0, Troll)

Slime-dogg (120473) | more than 9 years ago | (#10706972)

It's just as well that his site is knocked off. His links are either pro-Kerry, Non-Partisan, or "Mixed." There are no pro-Bush links.

I realize that he's got just as much of a right to say whatever he wants, but it troubles me that some people are looking to this as an authoritative source of information. IOW, he's biased.

Re:Deliberate troll... (2, Insightful)

Morosoph (693565) | more than 9 years ago | (#10707412)

Maybe Non-Partisan means just that. He also clearly links to a pro-Bush site. From this page [] :
I am a Kerry supporter. I am open about that. Despite my political preference, I have bent over backwards to be scrupulously honest about all the numbers, and have carefully designed the main page to be strictly nonpartisan. Only the third row of menu items below the map contains material that could be considered pro-Kerry (e.g., jokes about George Bush). If you are a Kerry supporter, an independent, a moderate Republican who is fed up with the President's fiscal and other policies or even a conservative Republican who feels betrayed and who has a sense of humor, you will probably enjoy them. If you want an election site that has a pro-Bush bias from beginning to end, including all over the main page, try [] .

Re:Deliberate troll... (3, Insightful)

dubl-u (51156) | more than 9 years ago | (#10708696)

It's just as well that his site is knocked off.

Yeah, that democracy stuff lets the wrong people have a say. Thank goodness there are script kiddies to prevent that. We should get together and buy a gift for them. How about some nice brown shirts?

I realize that he's got just as much of a right to say whatever he wants, but it troubles me that some people are looking to this as an authoritative source of information. IOW, he's biased.

Having an opinion doesn't mean that he's biased. Some people can separate the two. And he pretty clearly has.

He's honest about his opinions, makes clear where he gets his data, and has a simple formula that he used to do the totals and the map. Out of the history I have in my RSS reader, his tally had Bush leading 14 times, Kerry leading 13 times, and them tying once. As far as I can tell it's an honest effort to present the poll results in a useful format. He even provides the data as a CSV, so you can run the numbers as you please.

So unless you have some proof that he's fudging the numbers, maybe you can lay off your apparently biased accusations of bias?

Yes, there are tools that can help. (0)

Anonymous Coward | more than 9 years ago | (#10707592)

Take a look here [] and here [] .

There is a way... (0)

Anonymous Coward | more than 9 years ago | (#10718589)

There are several things you can do to minimize or mitigate a DDOS attack. The first and most obvious method would be to host your server from two separate hosting providers, preferably in different geographic locations, LA and NYC or Dallas and Seattle for example. Have both IPs in DNS with the same A record and it will be round-robined by DNS, so each visitor should be balanced between the two servers.

Another cheap way is to deploy an inline IPS device which mitigates the attack in real-time. Some devices' performance ranges drastically with price.

There are even some free ones such as OpenBSD's Packet Filter, this can supply advanced syn-flood protection, connection tracking and general packet scrubbing all within a low cost solution but with the lack of support and learning curve and completeness, so YMMV. I have tested several commercial devices and so far I am most impressed with the [] guy's box it thoroughly kicks ass for the price.

Anyways a couple of good sites to find more info on hardware, etc would be [] 's IDS mailing list (yes all the IPS stuff goes here too) and also [] who do a lot of independent reviews of this kind of hardware. They charge for some of their reports but most of it can be found on their site for free.

DDOS is a toughy, the best way is to keep a low profile :) if that's not an option, then you're going to have to dish out some bucks to protect yourself. The Internet is the new Wild Wild West, there is no such thing as diplomacy.

Good luck.
